Turns out companies get email pitches from money-seeking fraudsters too

1 / 1

Back to Gallery

The Securities and Exchange Commission warned public companies to consider cyberthreats when designing internal accounting controls after nine companies lost nearly $100 million from cyberfraud.

Perpetrators pose as company executives or vendors and use emails to convince employees to send large amounts of money to bank accounts controlled by the fraudsters, according to the SEC. Some of the frauds last for months. One of the companies lost more than $45 million and two lost more than $30 million, according to the SEC, which did not identify the companies, which included technology, machinery, real estate, energy, financial and consumer product firms.

Most the money wired to the fraudulent bank accounts was not recoverable.

Public companies have a responsibility to investors to design their internal accounting controls so they're not at risk for fraud. None of the nine companies was charged with failing to safeguard accounting procedures, according to the SEC.

The FBI estimates that fraud involving compromised business email accounts has cost companies more than $5 billion during the past five years.